CVE Vulnerability

CVE-2007-2314

Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter to (a) configurer.php, (b) connect.php, (c) delete.php, (d) delete2.php, (e) index.php, (f) infos.php, (g) membres.php, (h) modif-infos.php, (i) modif-message.php, (j) modif.php, (k) uninstall.php, or (l) uninstall_table.php in admin/, different vectors than CVE-2007-2000. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://secunia.com/advisories/24862 Vendor Advisory
http://www.osvdb.org/34818
http://www.osvdb.org/34819
http://www.osvdb.org/34820
http://www.osvdb.org/34821
http://www.osvdb.org/34822
http://www.osvdb.org/34823
http://www.osvdb.org/34824
http://www.osvdb.org/34825
http://www.osvdb.org/34826
http://www.osvdb.org/34827
http://www.osvdb.org/34828
http://www.osvdb.org/34829
Configurations

Configuration 1

cpe:2.3:a:crea-book:crea-book:*:*:*:*:*:*:*:*
Information

Published : 2007-04-26 09:19

Updated : 2008-09-05 09:22

NVD link : CVE-2007-2314

Mitre link : CVE-2007-2314

Products Affected
No products.
CWE
NVD-CWE-Other